Monitoring user experience using data blocks for secure data access

ABSTRACT

Techniques for enabling secure access to data using data blocks are described. Computing device(s) can provide instruction(s) to a component associated with an entity, wherein the instruction(s) are associated with an identifier corresponding to a data block of a plurality of data blocks. The computing device(s) can receive, from the component, data associated with the component, wherein the data is associated with the identifier and is indicative of a state of the component. The computing device(s) can store the data in the data block and monitor, using rule(s), changes to the state of the component based at least partly on the data in the data block. As a result, techniques described herein enable near real-time—and in some examples, automatic—reporting and/or remediation for correcting changes to the state of the component using data that is securely accessed by use of data blocks.

RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. patent application Ser. No. 17,234,775, filed Apr. 19, 2021, and issued as U.S. Pat. No. 11,606,270, on Mar. 14, 2023, which is a continuation of U.S. patent application Ser. No. 16/718,107, filed Dec. 17, 2019, and issued as U.S. Pat. No. 11,012,326, on May 18, 2021, the contents of which are incorporated by reference herein in their entirety.

BACKGROUND

Cloud-based service providers are companies that offer network services, infrastructure, and/or applications “in the cloud.” Such services availed via the cloud are hosted by hundreds—if not thousands—of server computing devices and/or other data centers that can be accessed by users using network connectivity.

As companies move away from on-premise computing infrastructures to cloud-based computing infrastructures, where users are spread across hundreds of server computing devices, identifying and troubleshooting technology issues has become increasingly difficult. That is, with users spread across hundreds of server computing devices, information technology (IT) professionals cannot easily determine when there is an issue (e.g., affecting computer and/or network performance) and/or where the issue is located. This challenge is amplified when companies are using cloud-based services via cloud-based computing infrastructures. Thus, as companies move to cloud-based computing infrastructures and/or cloud-based services, technology issues can be frustrating and costly. Further, the lack of detection and/or access to remediation can negatively affect application, computer, network and/or customer performance (and thus experience).

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description is set forth with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the FIG. in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items or features.

FIG. 1 illustrates an example environment for performing techniques described herein.

FIG. 2 illustrates an example environment for accessing data from a secure computing infrastructure using data blocks, as described herein.

FIG. 3 illustrates an example user interface via which a rule can be provided to a monitoring service provider, as described herein.

FIG. 4 illustrates an example user interface for monitoring states of user devices, as described herein.

FIG. 5 illustrates an example process for monitoring a state of a user device and/or effectuating a remedial action, as described herein.

FIG. 6 illustrates an example process for effectuating a remedial action based at least in part on a number of devices being associated with state changes, as described herein.

FIG. 7 illustrates an example process for training a data model using machine learning techniques, as described herein.

FIG. 8 illustrates an example process for training a data model using machine learning techniques, as described herein.

FIG. 9 illustrates an example process for monitoring a state of a user device using data received from a data block and/or effectuating a remedial action, as described herein.

FIG. 10 illustrates an example computing device for performing techniques described herein.

DETAILED DESCRIPTION

This disclosure describes techniques for monitoring user experiences of users using services of a cloud-based service provider via a computing infrastructure—including both cloud-based devices and/or on-premise devices—of a company, business, or other entity. That is, techniques described herein are directed to monitoring user experiences to identify issues with services of a cloud-based service provider and/or user devices accessing such services so that proactive and/or corrective actions can be performed to avoid issues that affect productivity and/or user satisfaction. In some examples, techniques described herein can monitor user experience by analyzing health details and/or other data that is regularly and/or securely received by a service provider providing (user experience) monitoring services from the user devices. In some examples, techniques described herein can provide near real-time reporting based on such analyzing. Techniques described herein therefore enable action to be performed to correct (or avoid) poor user experiences.

For any company who has a sizable workforce of users with user devices, such as laptops, desktops, mobile devices, etc., it is important that such users are productive with their technology. Such technology can add significant value to a company when users are productive. However, if technology is an impediment, users can get frustrated and companies can lose revenue. Therefore, companies invest significant resources into infrastructure for understanding the user experiences of their user bases. In some examples, companies hire teams of administrative professionals (e.g., information technology (IT) teams) to field questions or concerns regarding technology issues. In some examples, companies utilize software or other technology for troubleshooting technology issues.

When companies utilize on-premise computing infrastructures, identifying and troubleshooting technology issues is relatively easy. For instance, if a particular user is having issues with an email application, for example, an IT professional can locate which on-premise server computing device is causing the issue and can troubleshoot the issue. However, as companies move away from on-premise infrastructures to cloud-based computing infrastructures, where users are spread across hundreds of server computing devices (in addition to any on-premise computing devices), identifying and troubleshooting technology issues has become increasingly difficult. That is, with users spread across hundreds of server computing devices, IT professionals cannot easily determine when there is an issue and/or where the issue is located. For instance, if a particular business application associated with a cloud-based service provider (e.g., an email application, a teleconference application, etc.) is inoperable or is otherwise causing inefficiencies, an IT professional contacts the cloud-based service provider and waits until the cloud-based service provider can troubleshoot the issue, so that the IT professional can troubleshoot the issue within its own computing infrastructure. This delay can introduce frustration and can affect productivity. Furthermore, while the issue remains, user devices and/or the network can be negatively affected. Thus, as companies move to cloud-based computing infrastructures, technology issues can be frustrating and costly. Further, the lack of detection and/or access to remediation can negatively affect computer and/or network performance.

Techniques described herein enable companies and/or service providers associated with such companies to obtain data associated with user experience in near real-time to enable the companies and/or service providers to perform actions to correct (or avoid) poor user experiences that can negatively affect computer and/or network performance. In some examples, a service provider providing monitoring and/or remediation services can monitor inputs from one or more user devices running respective instances of a light weight agent (e.g., a program, having minimal code, provided by the service provider) to collect data indicative of experiences of the one or more users. Such data can indicate the health of the user devices and/or the services being provided by a cloud-based service provider. That is, such data can be indicative of the health of a system, application, network, etc. with which the one or more user devices are associated. In at least one example, the service provider (e.g., providing monitoring and/or remediation services) can access such data regularly and securely, and, in some examples, without accessing user-authored and/or user identifiable data. The service provider can analyze the inputs to determine if/when a state of a user device changes. In some examples, such a state can be indicative of user experience.

In some examples, the service provider can analyze the inputs in view of one or more rules to determine when to initiate and/or perform a remedial action with respect to a user device. Such rules can be configurable based on products/services (e.g., availed by cloud-based service provider(s)), companies, users (e.g., characteristics associated therewith), geographic location, time of day, date, and the like. In some examples, such rules can be determined intelligently, using machine learning techniques.

In at least one example, the service provider (e.g., providing monitoring and/or remediation services) can send a notification to a designated user (or group of users) to perform the remedial action. In other examples, the service provider can automatically perform the remedial action (e.g., without requiring input from a user, such as the designated user described above). As described above, techniques described herein enable the service provider to obtain data associated with user experience in near real-time to enable the service provider to perform preventative and/or corrective actions to mitigate poor user experiences.

As an example, a company can add a user device of an employee of the company to a subscription for the monitoring and/or remediation services offered by the service provider (e.g., via a portal provided by the service provider). In some examples, the employee can be an executive or other individual associated with a particular level of status or privilege. The company can provide, among other services, cloud-based services via a cloud-based computing infrastructure. For example, the company can provide a cloud-based email service, a cloud-based telecommunication service, etc. to enable the employee to perform duties associated with his or her employment. As described below, such cloud-based services can be monitored by the service provider providing aforementioned monitoring and/or remediation services (e.g., by virtue of the company subscribing to such services and adding the user device of the employee to its subscription).

In at least one example, to register the user device with the subscription of the company—and thus subject the user device to monitoring by the service provider—the user device can be added to a portal associated with the service provider and the service provider can cause a light weight agent (e.g., a program, having minimal code, provided by the service provider) to be downloaded on the user device. The light weight agent can run as a background process, sending health data and/or other data associated with the user device to the service provider (e.g., in near real-time, at substantially regular intervals, etc.).

In at least one example, the service provider can analyze the health data and/or other data to determine whether a cloud-based email service, among other cloud-based services, is performing properly. That is, the service provider can access a rule that pertains to operations of the cloud-based email service. In an example, if the health data and/or other data indicates that emails of the user associated with the user device are being held in an outbox, the service provider can send an email to IT personnel associated with the company (which may be prescribed by the rule). As such, the IT personnel can perform one or more actions to remedy the issue. In an alternate example, the service provider can automatically perform the one or more actions to remedy the issue (which may be alternately prescribed by the rule). This type of monitoring can enable the service provider and/or the company to perform action(s) to correct (or avoid) poor user experiences in an effort to ensure that the user is able to use his or her user device efficiently.

As another example, the service provider can analyze the health data and/or other data to determine that the user device has not provided health data and/or other data, or otherwise responded to the service provider, for more than a specified period of time. In such an example, the service provider can access a rule that pertains to online/offline monitoring. In this example, the health data and/or other data can indicate that the user device is offline. In such an example, the service provider can initiate a phone call to IT personnel associated with the company (which may be prescribed by the rule). As such, the IT personnel can perform one or more actions to remedy the issue. In an alternate example, the service provider can automatically perform the one or more actions to remedy the issue (which may be alternately prescribed by the rule). This type of monitoring can enable the service provider and/or the company to perform action(s) to correct (or avoid) poor user experiences in an effort to ensure that the user is able to use his or her user device efficiently.

While email and online/offline monitoring scenarios are described above, as is described herein, any number of business and/or cloud-based application scenarios can be monitored by the service provider. In at least one example, rules associated with one or more business scenarios and/or one or more cloud-based application scenarios can be used for monitoring user experience as described herein. Additional details are described below.

Techniques described herein provide various technical advantages over existing and/or conventional monitoring technology. As described above, as companies move away from on-premise computing infrastructures to cloud-based computing infrastructures, identifying and troubleshooting technology issues has become increasingly difficult. That is, with users spread across hundreds of server computing devices, IT professionals cannot easily determine when there is an issue and/or where the issue is located. As described above, with existing technology, if a particular business application associated with a cloud-based service provider (e.g., an email application, a teleconference application, etc.) is inoperable or is otherwise causing inefficiencies, an IT professional of a company may not be able to identify the issue and/or a particular server computing device causing the issue. That is, the IT professional may not be able to identify whether the issue is associated with a cloud-based server computing device associated with the company's computing infrastructure, an on-premise server computing device, a cloud-based server computing device associated with the cloud-based service provider, or the like. Further, it may be unclear who is responsible (e.g., the company, the cloud-based service provider, etc.) for managing troubleshooting the issue from end-to-end. As such, the IT professional contacts the cloud-based service provider and waits until the cloud-based service provider can troubleshoot the issue, so that the IT professional can troubleshoot the issue within its own infrastructure. This delay can introduce frustration and can affect productivity. Further, the lack of detection and/or access to remediation can negatively affect computer and/or network performance.

Techniques described herein enable a single service provider to manage—via an end-to-end process—technology issues that arise in a cloud-based computing infrastructure of a company using cloud-based services. As a result, techniques described herein enable proactively identifying issues that can affect performance of cloud-based applications on cloud-based computing infrastructures so that preventative actions can be taken to mitigate the disruption caused by such issues. Furthermore, in some examples, techniques described herein can enable the quick detection of issues that affect performance of cloud-based applications on cloud-based computing infrastructures so that corrective actions can be taken to mitigate the disruption caused by such issues. As described below, techniques described herein can detect such issues using secure processes that, in some examples, provide user anonymity. That is, by leveraging the network-connected monitoring environment described herein, techniques described herein offer improvements to cloud-based computing infrastructures utilizing cloud-based services. As such, techniques described herein offer improvements over existing technology.

FIG. 1 illustrates an example environment 100 for performing techniques described herein. In at least one example, an entity 102, which can be a business, a company, an individual, and/or a group of individuals, can offer services to user(s) 104 associated with the entity 102 via a cloud-based computing infrastructure. As described above, a cloud-based computing infrastructure can avail network services, products, and/or applications (e.g., of the entity 102 and/or third-parties) that are hosted by hundreds—if not thousands—of server computing devices and/or other data centers that can be accessed by users using network connectivity. In at least one example, such a cloud-based computing infrastructure can include one or more server computing devices associated with the entity 102 (“entity server(s) 106”). While not illustrated, in some examples, the cloud-based computing infrastructure can be combined with an on-premise computing infrastructure, such that the entity 102 has both on-premise and cloud-based computing infrastructures for providing services to its user(s) 104.

In at least one example, the entity 102 can be associated with one or more users 104, which can be employees of the entity 102, independent contractors associated with the entity 102, representatives of the entity 102, or otherwise associated with the entity 102. The user(s) 104 can interact with computing devices (“user device(s) 108”) via one or more user interfaces. In at least one example, each of the user device(s) 108 can correspond to a mobile phone, a personal digital assistant, a netbook, a laptop computer, a desktop computer, a networked computer, and/or another electronic device that is capable of transmitting or receiving data via network(s) 110.

In at least one example, the network(s) 110 can include the Internet, cable network(s), cellular network(s), cloud network(s), wireless network(s) (e.g., Wi-Fi) and wired network(s), low power area networks (LPWAN), as well as close-range communications such as Bluetooth®, Bluetooth® low energy (BLE), and the like. In some examples, the network(s) 110 can be private networks (e.g., networks wherein restrictions and access rules are established in order to relegate access to select users), public networks (e.g., networks wherein anyone, namely the general public, has access and through it can connect to other networks or the Internet), or combinations of the foregoing.

In addition to the user(s) 104, the entity 102 can be associated with one or more IT users 112, which can comprise an IT team, for handling issues associated with the entity server(s) 106 and/or user device(s) 108 as they arise. In at least one example, such IT user(s) 112 can interact with computing device(s) (“IT computing device(s) 114”) to handle issues associated with the entity server(s) 106 and/or user device(s) 108 as they arise.

In at least one example, the entity 102 can offer one or more services via the cloud-based computing infrastructure, for instance, to enable the user(s) 104 to access such service(s) via their user device(s) 108. In at least one example, such service(s) can be availed to enable the user(s) 104 to perform tasks on behalf of the entity 102. In some examples, such service(s) can be availed via cloud-based service provider(s). In at least one example, a cloud-based service provider can be associated with one or more server computing devices (“cloud-based service provider server(s) 116”). Such a cloud-based service provider can avail network services, products, and/or applications that are hosted by the cloud-based service provider server(s) 116. In at least one example, the network services, products, and/or applications can be accessed by the user device(s) 108 using network connectivity. Non-limiting examples of such a cloud-based service provider can include an email service provider, a telecommunication service provider, a document management service provider, a document collaboration service provider, an Internet of Things (IoT) service provider, etc. In at least one example, each of the user device(s) 108 can include instances of applications associated with individual of the services and/or products availed by the cloud-based service provider. As illustrated in FIG. 1, one of the user device(s) 108 includes one or more cloud-based applications 118.

In at least one example, the entity 102 can subscribe, or otherwise access, services of a service provider that provides monitoring and/or remediation services (“monitoring service provider”). In at least one example, such a service provider can be associated with one or more server computing devices (“monitoring service provider server(s) 120”), which can host the monitoring and/or remediation services and make such services available using network connectivity.

In at least one example, the monitoring service provider server(s) 120 can include one or more functional components for performing operations described herein. For example, the monitoring service provider server(s) 120 can include a monitoring module 122, a remediation module 124, a training module 126, and a data store 128. The one or more modules and data structures can be in the form of stand-alone applications, productivity applications, an operating system component, or any other application or software module configured to perform operations as described herein. In at least one example, the monitoring module 122, the remediation module 124, the training module 126, and the data store 128 can represent computer-executable instructions that, when executed by one or more processors, perform operations as recited. Generally, computer-executable instructions include routines, programs, objects, components, data structures, and the like that perform particular functionalities or implement particular data types.

The monitoring module 122 can be configured to monitor the user device(s) 108 based at least in part on data received from the user device(s) 108. In at least one example, the monitoring module 122 can provide a program, having minimal code (e.g., instructions) such as a light weight agent (“agent 130”) to individual of the user device(s) 108. For example, when the entity 102 adds one of the user device(s) 108 to their computing infrastructure (e.g., registers the user device with the entity 102), the user device can download, or otherwise access, the agent 130. In some examples, when the user device is registered, the agent 130 can be associated with an identifier of the user device. The agent 130 can additionally be associated with an identifier such that when data is received from the agent 130, the monitoring module 122 can determine which user device and/or agent 130 provided the data.

In at least one example, the agent 130 can run as a background process collecting data associated with the user device (e.g., without input from the corresponding user). In some examples, such data can indicate the health of the user device and/or service(s) being provided by cloud-based service provider(s). Furthermore, in some examples, such data can indicate the health of a system, network, application, etc. associated with the user device. For example, such data can indicate relations between a user's network performance and the user's experience using a particular service of a cloud-based service provider, network signal(s), CPU signal(s), memory signal(s), application indicator(s) that are particular to individual applications (e.g., a loading indicator that appears when an application associated with a service is having network congestion issues and/or an indication of a dropped call provided via another service), etc.

In at least one example, the agent 130 can send such data to the monitoring module 122 in near real-time, at substantially regular intervals, responsive to a detection of an event (e.g., by the user device), etc. In some examples, the agent 130 can send such data to the monitoring module 122 responsive to a request for such data from the monitoring module 122. In at least one example, the agent 130 can refrain from accessing any data that identifies the user associated with the user device. Instead, the agent 130 can be associated with an identifier, which can be associated with an identifier of the user device, such that when the data is received, it is associated with the identifier of the agent 130, and the monitoring module 122 can determine the source of the data (e.g., the agent 130 and/or the user device) based at least in part on the identifier. As such, the data sent to the monitoring module 122 can be collected and sent without accessing any user-authored and/or user-identifiable data. In at least one example, the data can be anonymized and obfuscated such that, if intercepted and/or accessed by an unintended recipient, such an unintended recipient may not be able to identify the user and/or understand the data.

In some examples, anonymized data can be used for identifying trends associated with cloud-based service(s) and/or cloud-based service provider(s) without needing to know identities of individual users. For example, if there are multiple user devices with the agent 130 running in the background in a particular geographic location, the monitoring module 122 can look at location data and common usage of a cloud-based service to determine regional trends without needing to know an identity of an individual user. As another example, anonymized data can be used to geographic trend information with individual entities to indicate network issues (e.g., an entity is using a VPN solution that centrally routes internet access) or other usage trends, which can be used by the monitoring module 122 to determine commonalities of issues with certain configurations, without needing to know an identity of an individual user.

In some examples, entities, such as the entity 102, may want to limit the access of the monitoring service provider with respect to components of their computing infrastructure (e.g., for security reasons or otherwise). In such examples, the monitoring module 122 can access data which can be written to data blocks, as described herein, and can collect data from such data blocks (e.g., via an Application Programming Interface (API)) instead of from the agent 130. In such examples, the monitoring module 122 can access data, which can be indicative of the health of a user device and/or service(s) being provided by cloud-based service provider(s), without the need for the monitoring service provider server(s) 120, or any polling, to access (e.g., “reach in”) to a secure infrastructure of the entity 102. Additional details associated with using such data blocks are described below with reference to FIG. 2.

In at least one example, the monitoring module 122 can analyze the inputs (e.g., data received from the agent 130 and/or data blocks) to determine if/when a state of the user device changes. Such a state can be associated with an individual component, operation, application, device, network, system, etc. In some examples, the monitoring module 122 can analyze such inputs using one or more rules, which can be configured to monitor business scenarios and/or application scenarios. In at least one example, a rule can be associated with a condition, the satisfaction of which can indicate an issue (e.g., an opportunity for remedial action to be performed). In at least one example, when the condition is satisfied, the monitoring module 122 can determine that a trigger event has occurred and can send a notification to the remediation module 124. In some examples, the monitoring module 122 can refrain from determining an occurrence of a trigger event until more than a threshold number of conditions are satisfied (e.g., a condition has been satisfied a prescribed number of times in a row, a specified combination of conditions has been satisfied, etc.) and/or a number of user devices associated with state changes meets or exceeds a threshold (e.g., a certain number of user devices associated with executive users have satisfied a condition).

In at least one example, the one or more rules can be configurable. That is, in at least one example, a user associated with the entity 102 and/or a user associated with the monitoring service provider can input one or more rules via a user interface. An example user interface for inputting rules is described below with reference to FIG. 3. In at least one example, rules can be particular to products/services (e.g., availed by cloud-based service provider(s)), entities, users (e.g., characteristics associated therewith), geographic location, time of day, day of the week, date, and the like. In some examples, rules can be determined based at least in part on standards, metrics, or other indicators provided by cloud-based service provider(s). Moreover, in some examples, rules can be determined based at least in part on standards, metrics, or other indicators as determined by monitoring on-premise computing devices and/or associated services associated with an entity.

In some examples, one or more rules can be learned based at least in part on a machine learning mechanism. That is, in some examples, a machine learning mechanism can analyze inputs and associated issues to learn when inputs correspond to such issues. As such, upon receiving new inputs, as described above, a machine-trained data model can identify issues. In some examples, such inputs and associated issues can be codified as rules. In at least one example, the rule(s) (e.g., whether manually input and/or codified based at least in part on machine learning) can be stored in the data store 128.

Non-limiting examples of rules include: (a) if all locations of an entity 102 are failing for an application login, send an email to IT user(s) 112; (b) if all locations of an entity 102 are failing for an application login and the cloud-based service provider has acknowledged the issue, generate a support ticket; (c) if a particular building is offline on a weekend, notify a particular IT user; (d) if a particular building is offline on a weekend, notify IT user(s) 112; (e) if a CEO has mail stuck in an email outbox, call a particular IT user; (f) if a number of executive-level users have mail stuck in an email outbox, first attempt to reboot the system(s) and then, call a particular IT user; and so on. The above rules are provided for illustration only and should not be construed as limiting. As described above, rules can be configurable and based on products/services (e.g., availed by cloud-based service provider(s)), entities, users (e.g., characteristics associated therewith), geographic location, time of day, day of the week, date, and the like. In at least one example, each rule can indicate one or more outputs for providing a notification that a rule has been satisfied.
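
The trigger logic described above (a condition satisfied a prescribed number of times in a row, on a threshold number of user devices) can be sketched for a rule like the executive-outbox example as follows. This is an added illustration, not code from the disclosure; the record fields, agent identifiers, group labels, and output names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumed telemetry schema: only health signals keyed by a pseudonymous
# agent identifier. Anything else (names, e-mail addresses) is rejected.
ALLOWED_FIELDS = {"agent_id", "ts", "outbox_stuck", "online"}


@dataclass
class Rule:
    name: str
    condition: Callable[[dict], bool]   # evaluated on one health record
    consecutive: int = 1                # times in a row, per device
    min_devices: int = 1                # devices that must be affected
    group: Optional[str] = None         # e.g. "executive"; None = all devices
    output: str = "email"               # notification/remediation to request


@dataclass
class Monitor:
    rules: list
    groups: dict                        # agent_id -> group label (hypothetical)
    streaks: dict = field(default_factory=lambda: defaultdict(int))
    active: set = field(default_factory=set)

    def ingest(self, record: dict) -> list:
        """Apply every rule to one record; return trigger events it raises."""
        extra = set(record) - ALLOWED_FIELDS
        if extra:
            raise ValueError(f"unexpected fields in agent data: {sorted(extra)}")
        agent = record["agent_id"]
        events = []
        for rule in self.rules:
            if rule.group is not None and self.groups.get(agent) != rule.group:
                continue
            key = (rule.name, agent)
            # A miss resets the streak, so only consecutive hits count.
            self.streaks[key] = self.streaks[key] + 1 if rule.condition(record) else 0
            affected = sorted(
                a for (r, a), n in self.streaks.items()
                if r == rule.name and n >= rule.consecutive
            )
            if len(affected) < rule.min_devices:
                self.active.discard(rule.name)      # re-arm the rule
            elif rule.name not in self.active:
                self.active.add(rule.name)          # fire once per episode
                events.append(
                    {"rule": rule.name, "output": rule.output, "agents": affected}
                )
        return events


def run_sample() -> list:
    """Feed constructed records through one rule and collect trigger events."""
    rule = Rule(
        name="exec_outbox_stuck",
        condition=lambda r: r.get("outbox_stuck", False),
        consecutive=2,
        min_devices=2,
        group="executive",
        output="reboot_then_call",
    )
    monitor = Monitor(
        rules=[rule],
        groups={"agt-01": "executive", "agt-02": "executive", "agt-03": "standard"},
    )
    records = [  # constructed sample data
        {"agent_id": "agt-01", "ts": 1, "outbox_stuck": True},
        {"agent_id": "agt-02", "ts": 1, "outbox_stuck": True},
        {"agent_id": "agt-03", "ts": 1, "outbox_stuck": True},   # not executive
        {"agent_id": "agt-01", "ts": 2, "outbox_stuck": True},   # one device only
        {"agent_id": "agt-02", "ts": 2, "outbox_stuck": False},  # streak resets
        {"agent_id": "agt-02", "ts": 3, "outbox_stuck": True},
        {"agent_id": "agt-02", "ts": 4, "outbox_stuck": True},   # threshold met
        {"agent_id": "agt-01", "ts": 3, "outbox_stuck": True},   # no duplicate
    ]
    events = []
    for rec in records:
        events.extend(monitor.ingest(rec))
    return events


if __name__ == "__main__":
    for event in run_sample():
        print(event)
```
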

The remediation module 124 can receive notifications from the monitoring module 122 and can initiate and/or perform, when applicable, one or more actions to remediate issues identified by the monitoring module 122. In some examples, individual rules can be associated with indications of actions to be performed. For example, a rule can indicate that if a condition associated with the rule is satisfied, that an email is to be sent to a designated user. Other outputs can include phone calls, text messages, in-application notifications, support tickets, entity tools (e.g., incident management tools of the entity and/or available via a third-party), dashboards, and the like. In some examples, as described above, rules can be particular to users (e.g., based on characteristic(s) associated therewith). As such, in some examples, different users can be associated with different outputs. In such examples, the remediation module 124 can use an identifier of the user (e.g., which can be based at least in part on an identifier of the agent 130 and/or an identifier associated with a corresponding user device) to determine which output is appropriate for the user affected.

As described above, in at least one example, individual rules can designate an output. In such an example, the remediation module 124 can determine a prescribed output, generate the output, and send the output to a user designated in the rule (e.g., a computing device associated therewith). In at least one example, the output can be presented to the designated user via a computing device associated therewith. In some examples, the designated user can determine that no remedial action is necessary. In other examples, the designated user can perform one or more actions to prevent or correct the identified issue. In such examples, the remediation module 124 can be said to have initiated the performance of such action(s) (e.g., by sending the output to the designated user).

In some examples, the remediation module 124 can perform one or more actions to prevent or correct the identified issue without involving another user. That is, the remediation module 124 can automatically perform one or more actions to prevent or correct the identified issue. For example, the remediation module 124 can cause an identified device to reboot, to perform a scan for viruses or software versions, etc. In additional or alternative examples, the remediation module 124 can make one or more modifications to remedy an issue. In some examples, the one or more actions can be prescribed by the rule. In some examples, the one or more actions can be learned via a machine learning mechanism, as described herein.

In at least one example, the remediation module 124 can cause dashboards (e.g., an information management tool that visually tracks, analyzes, and displays performance indicators and/or other metrics) and/or other user interfaces to be presented so that a user associated with the entity 102 and/or a user associated with the monitoring service provider can monitor the user device(s) 108 in near real-time. In some examples, such dashboards can compare the performance of individual of the user device(s) 108 to one another and/or to user device(s) associated with other entities. In some examples, such dashboards can compare the performance of different entities. A non-limiting example of a user interface that can be used by a user associated with the entity 102 (e.g., IT user(s) 112) and/or a user associated with the monitoring service provider for monitoring the user device(s) 108 in near real-time is described below with reference to FIG. 4.

The training module 126 can be configured to train one or more data models, for example, using machine learning mechanisms as described herein. In at least one example, the training module 126 can train a data model via machine learning mechanism(s) to determine which input(s) are indicative of individual issue(s) that can affect user experience. In at least one example, the training module 126 may utilize a machine learning mechanism to build, modify, or otherwise utilize data model(s) that are created from example inputs and make predictions or decisions. In such an example, the data model(s) may be trained using supervised learning algorithms (e.g., artificial neural networks, Bayesian statistics, support vector machines, decision trees, classifiers, k-nearest neighbor, etc.), unsupervised learning algorithms (e.g., artificial neural networks, association rule learning, hierarchical clustering, cluster analysis, etc.), semi-supervised learning algorithms, deep learning algorithms, etc. In at least one example, the example inputs can include data (e.g., health, etc.) previously received from user devices and issues identified based on such data. Based at least in part on the inputs, the training module 126 can build, modify, or otherwise utilize data model(s) to identify issues based on received inputs.

Furthermore, in some examples, the training module 126 can build, modify, or otherwise utilize data model(s) to determine action(s) to be performed for preventing and/or correcting identified issues. In such examples, the example inputs can include previously identified issues and remedial actions performed to remediate such identified issues. As a result, the training module 126 can train data model(s) to determine action(s) to be performed for preventing and/or correcting identified issues.

In at least one example, such machine-trained data model(s) can be stored in the data store 128 and updated over time.

The data store 128 can store data as described herein. In some examples, the data store 128 can store rules, which can be provided by entities, the monitoring service provider, etc. In some examples, the data store 128 can store machine-trained data model(s) trained by the training module 126. Furthermore, in some examples, the data store 128 can store data associated with entities that subscribe, or have subscribed, to services of the monitoring service provider.

FIG. 2 illustrates an example environment 200 for accessing data from a secure computing infrastructure using data blocks. As described above, in some examples, entities, such as the entity 102, may want to limit the access of the monitoring service provider with respect to components of their computing infrastructure. In such examples, the monitoring module 122 can access data which can be written to data blocks, as described herein, and can collect data from such data blocks (e.g., via an API) instead of from the agent 130.

As illustrated in FIG. 2, an entity 102 can be associated with one or more components 202 (individually, 202A-202N). Such components 202 can be computing devices (e.g., the user device(s) 108), processes running thereon, or other components associated with a computing infrastructure of the entity 102. As a non-limiting example, a component 202A can be a locally deployed agent or cloud resource that can be deployed in a subscription of a user and/or a device deployed on a local network of an entity that serves as a watcher node. In at least one example, the components 202 can communicate with one another via the network(s) 110 (not pictured in FIG. 2). Furthermore, the components 202 can be remotely located from the monitoring service provider server(s) 120 and thus can communicate with the monitoring service provider server(s) 120 via the network(s) 110.

In at least one example, the monitoring service provider can avail one or more data blocks 204 (individually, 204A-204M), which can be written to and/or read from the components 202. Each data block 204A-204M can be a lightweight container (e.g., data repository) that is associated with a unique identifier (e.g., a globally unique identifier). In some examples, individual data blocks 204 can be designated to store particular types of data. In at least one example, each data block 204A-204M can be written to, for example, by the components 202 and/or can be read by, for example, the components 202. In at least one example, for a component 202A to write to a data block 204A, the component 202A can send data 206 to the data block 204A. In at least one example, such data 206 can be sent responsive to the monitoring module 122 requesting such data (e.g., by sending instruction(s) 208 to the component 202A that include an identifier associated with the data block 204A). In additional or alternative examples, such data 206 can be sent in near real-time, at substantially regular intervals (e.g., after lapse of a period of time), responsive to an event (e.g., detected by the component 202A), etc.

In at least one example, the data 206 can include data associated with the health of the component 202A and/or product(s)/service(s) associated with a cloud-based service provider, as described above. In some examples, the data 206 can include an identifier (as provided by the instruction(s) 208) so that the data 206 is written to the correct data block 204A. In at least one example, the data 206 may be obscure such that it may not be useful unless the meaning of the data 206 is known. However, component(s) that know the meaning of the data 206 (e.g., other system(s) associated with the environment 100) may be able to use the data 206 in ways that are meaningful to the component(s). That is, the data 206 itself may include a value or other indication that is meaningless to anyone who may intercept the data 206 as it is transmitted to the data block 204A and/or stored by the data block 204A. This provides an added layer of security for enabling secure communications.

The data block 204A can store the data 206 and/or can send the data 206 to the monitoring service provider server(s) 120 via an API. That is, the component 202A can write to the data block 204A and such data can be accessible by the monitoring service provider server(s) 120. By using the data blocks 204, the monitoring service provider server(s) 120 can access data from the components 202 without otherwise accessing the components 202 and/or other data associated therewith. That is, the data blocks 204 can be intermediary data repositories that allow the monitoring module 120 (or other module(s) associated with the monitoring service provider server(s) 120) to access data from the components 202 but without granting the monitoring service provider full access to the components 202. In some examples, the monitoring service provider server(s) 120 can track changes to data received by the components 202 such that each time a value is changed, its history is tracked. Such tracking can be useful for trend analysis, which can be performed by the monitoring module 122.

In some examples, the components 202 can transmit data via network connections, as described above. In examples where a network connection is not available (e.g., a network is down, the monitoring service provider server(s) 120 are offline, etc.), the components 202 can refrain from transmitting data unless and until a network connection is restored. That is, the components 202 can store data intended for the data blocks 204 until the network connection is restored and can send the data to the data blocks 204 after the network connection is restored. In some examples, the ability to store data locally until the network connection is restored can alleviate requirements for consistent access to the network(s) 110. That is, the components 202 can provide data to the data blocks 204 when there is connectivity.

In some examples, data associated with the data blocks 204 can be read by the components 202. For instance, in at least one example, the component 202B can access data 210 stored by the data block 204A. In some examples, such data 210 can be provided by another component (e.g., the component 202A and/or the component 202N). In some examples, such data 210 can be provided by the monitoring service provider server(s) 120.

In at least one example, the ability of components 202 to read from or write to data blocks 204 can be controlled by one or more layers of security. For instance, in at least one example, prior to allowing the components 202 to read from and/or write to the data blocks 204, the data blocks 204 can determine whether the components 202 satisfy a security condition. In some examples, such a security condition can be associated with an IP address, a security key, or the like. For instance, a component may not be able to write to a data block unless the data to be written to the data block is associated with a particular IP address and/or is associated with a particular security key. Similarly, a component may not be able to read from a data block unless the data to be read from the data block is associated with a particular IP address and/or is associated with a particular security key.
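The following Python sketch is an added example, not code from the patent: it shows one way a data block could enforce the security condition described above (matching identifier, allowed source address, proof of a security key) before accepting a write or read, while keeping the value history mentioned earlier. The class and function names, the use of HMAC-SHA256 as the key check, and the addresses and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import json
import uuid
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """A read or write failed the data block's security condition."""


def sign(key: bytes, block_id: str, body: dict) -> bytes:
    """HMAC-SHA256 over the block identifier and body (assumed use of the security key)."""
    message = json.dumps({"block": block_id, "body": body}, sort_keys=True).encode()
    return hmac.new(key, message, hashlib.sha256).digest()


@dataclass
class DataBlock:
    """Hypothetical lightweight container addressed by a globally unique identifier."""
    block_id: str
    security_key: bytes
    allowed_networks: list                        # ipaddress networks allowed to connect
    history: list = field(default_factory=list)   # every accepted write, oldest first

    def _authorize(self, source_ip: str, block_id: str, body: dict, tag: bytes) -> None:
        # 1. The request must carry this block's identifier.
        if block_id != self.block_id:
            raise AccessDenied("identifier does not name this data block")
        # 2. The caller's address must fall inside an allowed network.
        address = ipaddress.ip_address(source_ip)
        if not any(address in network for network in self.allowed_networks):
            raise AccessDenied("source address is not allowed")
        # 3. The caller must prove knowledge of the key; compare in constant time.
        if not hmac.compare_digest(sign(self.security_key, block_id, body), tag):
            raise AccessDenied("security key check failed")

    def write(self, source_ip: str, block_id: str, body: dict, tag: bytes) -> int:
        self._authorize(source_ip, block_id, body, tag)
        self.history.append(dict(body))           # keep history for trend analysis
        return len(self.history)

    def read(self, source_ip: str, block_id: str, tag: bytes):
        self._authorize(source_ip, block_id, {"op": "read"}, tag)
        return dict(self.history[-1]) if self.history else None


def attempt(block: DataBlock, source_ip: str, block_id: str, body: dict, key: bytes) -> str:
    """Try one write as a component would and report the outcome."""
    try:
        block.write(source_ip, block_id, body, sign(key, block_id, body))
        return "stored"
    except AccessDenied as exc:
        return f"denied: {exc}"


def demo():
    key = b"constructed-demo-key"                 # constructed sample secret
    block = DataBlock(str(uuid.uuid4()), key, [ipaddress.ip_network("10.20.0.0/16")])
    good = block.block_id
    results = [
        # Opaque state codes: their meaning is known only to the consumer.
        attempt(block, "10.20.3.7", good, {"state": 3}, key),
        attempt(block, "10.20.3.7", good, {"state": 5}, key),
        attempt(block, "203.0.113.9", good, {"state": 5}, key),               # wrong network
        attempt(block, "10.20.3.7", good, {"state": 9}, b"wrong-key"),        # wrong key
        attempt(block, "10.20.3.7", str(uuid.uuid4()), {"state": 9}, key),    # wrong block
    ]
    latest = block.read("10.20.3.7", good, sign(key, good, {"op": "read"}))
    return results, block.history, latest


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The sketch carries no nonce or timestamp, so a captured write could be replayed; a deployment relying on a keyed check would normally bind one into the signed message.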

In at least one example, the monitoring module 122 can access data from the data blocks 204, which can be indicative of the health of a user device and/or service(s) being provided by cloud-based service provider(s), without the need for the monitoring service provider server(s) 120, or any polling, to access (e.g., “reach in” to) a secure computing infrastructure of the entity 102. The monitoring module 122 can utilize such data as described above to determine when a state of a component 202A-202N changes so as to notify a designated user. That is, the monitoring module 122, remediation module 124, etc. can perform the same or similar functions as described above with reference to FIG. 1; however, the inputs received by the monitoring module 122 can be provided by the data blocks 204 instead of agent(s) associated with the user device(s) 108.

In addition to being useful for the monitoring module 122, data stored in the data blocks 204 can be accessible to and/or useful for other modules and/or components of the monitoring service provider server(s) 120 and/or other system(s) associated with the environment 100.

FIG. 3 illustrates an example user interface 300 via which a rule can be provided to the monitoring service provider. As described above, in at least one example, the monitoring module 122 can analyze inputs (e.g., data received from the agent 130 and/or data blocks 204) to determine if/when a state of a user device changes. In some examples, the monitoring module 122 can analyze such inputs using one or more rules. As described above, in at least one example, the one or more rules can be configurable for monitoring business scenarios and/or application scenarios. In at least one example, a user associated with the entity 102 and/or a user associated with the monitoring service can input one or more rules via a user interface, such as the user interface 300 illustrated in FIG. 3.

In at least one example, the user interface 300 can include a menu 302 or toolbar that includes one or more options for viewing data available via the monitoring service provider. As a non-limiting example, the menu 302 can present three options: entities, rules, and devices. In at least one example, each option can be associated with an actuation mechanism that, when actuated, can enable a user to view data associated with entities, rules, and devices, respectively. As illustrated in FIG. 3, a user actuates the actuation mechanism corresponding to the rules option. As such, the user interface 300 can prompt the user to input data associated with a rule via the user interface 300.

As a non-limiting example, the user interface 300 can prompt the user to provide a name for the rule, an indication of whether the rule is enabled, a description for the rule, the scope of data required for applying a rule, a period of time after which the rule should be reconsidered, one or more conditions associated with the rule, and one or more actions to be performed if the condition(s) are determined to be satisfied. In some examples, the monitoring service provider can associate a rule identifier and/or a subscription identifier with the rule. As illustrated in FIG. 3, this particular rule is associated with two conditions that, if satisfied, cause the remediation module 124 to cause the color of a block representing a particular device to change from white to yellow. That is, if a particular device has not provided updated data in more than one minute such that the “age” of the data is greater than 00:01:00 and the device is enabled (e.g., is supposed to be online), the monitoring module 122 can determine the occurrence of a trigger event and can prompt the remediation module 124 to take one or more actions (e.g., cause the color of a block representing a particular device to change from white to yellow). In at least one example, the user interface 300 can be associated with an actuation mechanism 304, the actuation of which can cause the rule to be stored in the data store 128. In at least one example, if the rule is particular to an entity (and corresponding subscription), the rule can be mapped to, or otherwise associated with, a profile of the entity stored in the data store 128. In some examples, however, a rule can be a global rule and, in such examples, can be applicable to all subscriptions.

The rule illustrated in FIG. 3 is but one rule and additional or alternative rules, which can monitor user experience from at least one of a business perspective and/or an application perspective, can be added to the data store 128 via a user interface similar to the user interface 300 illustrated in FIG. 3. The user interface 300 is but one example of a user interface and additional or alternative data can be presented by a user interface in an additional or alternative configuration. That is, the user interface 300 should not be construed as limiting.

FIG. 4 illustrates an example user interface 400 for monitoring states of user devices, as described herein. Much like the user interface 300 described above with reference to FIG. 3, the user interface 400 can include a menu 402 or toolbar that includes one or more options for viewing data available via the monitoring service provider. As a non-limiting example, the menu 402 can present three options: entities, rules, and devices. In at least one example, each option can be associated with an actuation mechanism that, when actuated, can enable a user to view data associated with entities, rules, and devices, respectively. As illustrated in FIG. 4, a user actuates the actuation mechanism corresponding to the devices option. As such, the user interface 400 can present a view of a plurality of devices 404. In FIG. 4, the plurality of devices 404 are illustrated in a small thumbnail view, wherein each device is represented by a graphical element. However, in additional or alternative examples, the plurality of devices 404 can be presented in a list view, a large thumbnail view, or any other view where each device is represented by a text element or graphical element.

In at least one example, each of the graphical elements can correspond to a user device, such as one of the user device(s) 108 described above with reference to FIG. 1. That is, each of the graphical elements represented can correspond to a user device associated with an entity, such as the entity 102. In at least one example, each of the user devices (e.g., via the use of agents and/or data blocks, as described above) can send data to the monitoring module 122, as described above with reference to FIG. 1. In some examples, at least some of the data received by the monitoring module 122 can be presented via the user interface 400. For example, in at least one example, each graphical element can include text elements and/or graphical elements that depict a state of a respective user device. In at least one example, the graphical elements can be interactable and/or otherwise associated with an actuation mechanism such that a user can interact with a graphical element to cause additional data associated with the corresponding user device to be presented. In some examples, if the state of a user device satisfies a condition that prompts the graphical element to change colors, the corresponding graphical element can be presented as a different color and/or otherwise visually different from the other graphical elements (e.g., in FIG. 4, such a color change is shown as crosshatching). In at least one example, the remediation module 124 can effectuate the color change and/or change to the presentation of the graphical element.

In at least one example, a user, such as an IT user 112 and/or a user (e.g., representative) associated with the monitoring service provider, can use the user interface 400 to determine which user devices require remedial action to be taken. As such, the user can perform one or more actions, or notify another user to perform one or more actions, in an effort to prevent or correct a respective user from having a negative user experience.

The user interface 400 is but one example of a user interface and additional or alternative data can be presented by a user interface in an additional or alternative configuration. That is, the user interface 400 should not be construed as limiting.

As described above, in addition to presenting data associated with user devices via a user interface, the remediation module 124 can notify a user of a change to a state of a user device via one or more additional or alternative mechanisms. For example, the remediation module 124 can send a text message to a computing device associated with a designated user to alert the designated user of the change to the state of the user device. Furthermore, in some examples, the remediation module 124 can send an email, initiate a phone call, or otherwise send a communication to a computing device associated with a designated user. In at least one example, the remediation module 124 can generate a support ticket that can be used to notify a designated user of a changed state of the user device. In at least one example, as described above, the remediation module 124 can access an applicable rule to determine a prescribed output for communicating the changed state of the user device.

While changes to states of user devices are described above, it should be noted that such states can be associated with components of user devices themselves and/or systems, applications, products, services, networks, etc. with which the one or more user devices are associated.

FIGS. 5-9 describe example processes for facilitating techniques described herein. The example processes are described in the context of the system of FIGS. 1 and 2 but are not limited to those environments. Furthermore, FIGS. 1 and 2 are not limited to performing techniques as described herein.

The processes described below in association with FIGS. 5-9 can be implemented in hardware, software, or a combination thereof. In the context of software, the operations represent computer-executable instructions stored on one or more computer-readable storage media that, when executed by one or more processors, perform the recited operations. Generally, computer-executable instructions include routines, programs, objects, components, data structures, and the like that perform particular functionalities or implement particular abstract data types. In other embodiments, hardware components perform one or more of the operations. Such hardware components can include or be incorporated into processors, ASICs, programmable circuits such as FPGAs, or in other ways. The order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations and/or processes can be combined in any order and/or in parallel to implement the processes.

FIG. 5 illustrates an example process 500 for monitoring a state of a user device and/or effectuating a remedial action, as described herein.

At operation 502, the monitoring module 122 receives a request to register a user device with a monitoring service provider. In at least one example, a user device (e.g., of the user device(s) 108) can send a request to the monitoring service provider server(s) 120 to register the user device with a subscription associated with an entity 102 with which the user device is associated. In some examples, a user (e.g., of the user(s) 104) of the user device can provide an input to the user device to initiate the request. In other examples, an IT user (e.g., of the IT user(s) 112) can provide an input to the user device to initiate the request. In at least one example, the monitoring module 122 can receive the request and can add the user device to a portal associated with the monitoring service provider.

At operation 504, the monitoring module 122 sends, to the user device, instruction(s) associated with an agent to run as a background process on the user device. In at least one example, the monitoring module 122 can provide a program, having minimal code (e.g., instructions), such as a lightweight agent (“agent 130”), to individual of the user device(s) 108. In at least one example, the agent 130 can run as a background process collecting data associated with the user device (e.g., without input from the corresponding user). In some examples, such data can indicate the health of the user device and/or service(s) being provided by cloud-based service provider(s). That is, such data can be indicative of the health of a system, application, network, etc. with which the user device is associated.

At operation 506, the monitoring module 122 receives, from the agent 130, data associated with the user device. In at least one example, the agent 130 can send such data to the monitoring module 122 in near real-time, at substantially regular intervals, responsive to a detection of an event (e.g., by the user device), etc. In some examples, the agent 130 can send such data to the monitoring module 122 responsive to a request for such data from the monitoring module 122. In at least one example, the agent 130 can refrain from accessing any data that identifies the user associated with the user device. As such, the data sent to the monitoring module 122 can be collected and sent without accessing any user-authored and/or user-identifiable data.

At operation 508, the monitoring module 122 monitors a state of the user device based at least in part on the data. In at least one example, the monitoring module 122 can analyze inputs (e.g., data received from the agent 130) to determine if/when a state of the user device changes. In some examples, the monitoring module 122 can analyze such inputs using one or more rules, which can be configured to monitor business scenarios and/or application scenarios.

In at least one example, the one or more rules can be configurable. That is, in at least one example, a user associated with the entity 102 and/or a user associated with the monitoring service can input one or more rules via a user interface. In at least one example, rules can be particular to products/services (e.g., availed by cloud-based service provider(s)), entities, users (e.g., characteristics associated therewith), geographic location, time of day, day of the week, date, and the like. In some examples, one or more rules can be learned based at least in part on a machine learning mechanism, as described above. In some examples, such inputs and associated issues can be codified as rules. In at least one example, the rule(s) can be stored in the data store 128.

At operation 510, the monitoring module 122 determines whether a trigger event occurs. In at least one example, a trigger event can be an event that prompts the monitoring module 122 to send a notification to the remediation module 124 regarding a state of the user device. In some examples, a trigger event can be associated with any change to a state of a user device. In some examples, if a state of a user device changes by more than a threshold, the monitoring module 122 can determine an occurrence of a trigger event.

In at least one example, a rule can be associated with a condition, which can indicate an issue (e.g., business and/or application). In at least one example, the monitoring module 122 can analyze the inputs to determine whether the condition is satisfied. In such an example, if/when the condition is satisfied, the monitoring module 122 can determine that a trigger event has occurred. In some examples, a trigger event may be associated with multiple rules, which can be associated with multiple conditions. In some examples, the monitoring module 122 may not determine an occurrence of a trigger event until more than a threshold number of conditions are satisfied. For example, in some examples, the monitoring module 122 can refrain from determining an occurrence of a trigger event until a condition has been satisfied a prescribed number of times in a row, a specified combination of conditions has been satisfied, etc. That is, in at least one example, the monitoring module 122 can determine the occurrence of a trigger event based at least in part on determining that more than a threshold number of conditions are satisfied.

In some examples, a rule can be associated with a value and the monitoring module 122 can determine an occurrence of a trigger event based at least in part on a relationship between a value received as an input (e.g., from the agent 130) and a threshold value associated with the rule. That is, in at least one example, the monitoring module 122 can determine that a value received from the agent 130 satisfies a threshold and can therefore determine an occurrence of a trigger event.

At operation 512, the remediation module 124 can determine whether a designated user is prescribed by a rule associated with the trigger event. In at least one example, the monitoring module 122 can determine that a trigger event has occurred. In at least one example, the trigger event can correspond to a rule that indicates an output and/or a remedial action. In at least one example, an output can be associated with a designated user to whom the output should be sent. In such an example, the remediation module 124 can determine, based at least in part on the rule that corresponds to the trigger event, a prescribed output, generate the output, and send the output to a user designated in the rule. If a designated user is prescribed by the rule associated with the trigger event, the remediation module 124 can send a notification to the designated user, as illustrated at operation 514. That is, if a designated user is prescribed by the rule associated with the trigger event, the remediation module 124 can generate and send a text message, email, phone call, etc. to a computing device operable by the designated user.

At operation 516, it can be determined whether a remedial action is warranted. In some examples, if a remedial action is warranted by the designated user, the designated user can perform the remedial action. That is, the designated user can effectuate the remedial action, as illustrated in operation 518. In some examples, no user is designated and/or the rule is associated with an indication that the remedial module 124 is to address the trigger event automatically (e.g., without involving another user). In such examples, the remediation module 124 can determine whether a remedial action is warranted, as illustrated in operation 516. In such examples, if a remedial action is warranted, the remediation module 124 can effectuate the remedial action prescribed by the rule, as illustrated at operation 518.

At operation 520, it can be determined that no remedial action is warranted. That is, in some examples, a notification can be sent to the remediation module 124 and the remediation module 124 can send a notification to a designated user. The designated user can determine that no remedial actions are warranted and can refrain from performing an action. In some examples, the designated user can interact with a user device to indicate to the remediation module 124 that no remedial action is warranted. In examples where the remediation module 124 is to automatically address the trigger event, the remediation module 124 can determine whether a remedial action is warranted and, if no remedial action is warranted, can refrain from effectuating a remedial action.

In some examples, if the monitoring module 122 determines that a trigger event does not occur, process 500 can return to operation 506, where additional data can be received from the user device and the monitoring module 122 can continue to monitor the state of the user device.

In at least one example, the monitoring module 122 can utilize machine-trained data model(s) to monitor the state of the user device. In such an example, the machine-trained data model(s) can identify issue(s) based at least in part on the data received from the agent 130 and/or recommend remedial action(s) to be taken. As such, in at least one example, process 500 can proceed from operation 508 to operation 518 (e.g., as illustrated by the dashed line from operation 508 to operation 518) and the remediation module 124 can effectuate the recommended remedial action(s) to be taken.

FIG. 6 illustrates an example process 600 for effectuating a remedial action based at least in part on a number of devices being associated with state changes, as described herein.

At operation 602, the monitoring module 122 can monitor states of a plurality of user devices 108 based at least in part on one or more rules, as described above with reference to operation 508 of FIG. 5.

At operation 604, the monitoring module 122 can determine state changesfor a number of user devices of the plurality of user devices 108. Thatis, based at least in part on monitoring states of the plurality of userdevices 108, the monitoring module 122 can determine that some number ofthe plurality of user devices 108 are associated with state changes.

At operation 606, the monitoring module 122 can determine whether thenumber satisfies a threshold. In at least one example, the monitoringmodule 122 can determine whether the number of user devices 108associated with state changes satisfies a threshold. In at least oneexample, the threshold can be configurable such that the monitoringservice provider and/or the entity 102 can indicate a number of userdevices associated with state changes that prompts the monitoringservice to determine an occurrence of a trigger event, as illustrated atoperation 608 and described above with reference to operation 510 ofFIG. 5 . For example, if a single device is offline (when it is supposedto be online), the monitoring module 122 can refrain from taking anyaction. However, if more than a threshold number of devices are offline(when they are supposed to be online), the monitoring module 122 cannotify the remediation module 124 so that the remediation module 124 canalert a designated user. In some examples, however, if the single deviceis associated with an executive or another user associated with aparticular level of status or privilege, the threshold may be one andthus the single device being offline can satisfy the threshold. In someexamples, the threshold can be associated with a rule, as describedabove.
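The threshold check of operations 604-608, as an added Python sketch that is not part of the patent text. The `Device` fields, the constructed fleet and the "meets or exceeds" comparison (borrowed from example clause B) are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    expected: str             # state the device is supposed to be in
    observed: str             # state derived from the latest received data
    privileged: bool = False  # e.g., a device associated with an executive


def state_changes(devices):
    """Operation 604: devices whose observed state differs from the expected one."""
    return [d for d in devices if d.observed != d.expected]


def evaluate(devices, threshold, privileged_threshold=1):
    """Operations 606-608: decide whether the number of changes is a trigger event."""
    changed = state_changes(devices)
    privileged = [d for d in changed if d.privileged]
    if len(privileged) >= privileged_threshold:
        # A single privileged device can satisfy its own, lower threshold.
        reason = "privileged-device threshold"
    elif len(changed) >= threshold:
        reason = "fleet threshold"
    else:
        reason = None  # below threshold: refrain from taking any action
    return {
        "trigger": reason is not None,
        "reason": reason,
        "changed": [d.device_id for d in changed],
    }


# Constructed sample fleet (not data from the patent).
FLEET = [
    Device("dev-01", "online", "online"),
    Device("dev-02", "online", "offline"),
    Device("dev-03", "online", "online"),
    Device("dev-04", "online", "online", privileged=True),
]

if __name__ == "__main__":
    print(evaluate(FLEET, threshold=3))
```

Because the threshold is configurable, the same function covers both the entity-wide setting and a per-rule setting; only the arguments differ.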

FIG. 7 illustrates an example process 700 for training a data model using machine learning techniques, as described herein.

At operation 702, the training module 126 can access data associated with states of user devices and associated issues. In at least one example, the data store 128 can store data associated with previously received inputs (e.g., data received from agents and/or data blocks) and issues identified based on such inputs. In at least one example, the training module 126 can access such data for training, as described below.

At operation 704, the training module 126 can train a data model based at least in part on the data. As described above, the training module 126 can be configured to train one or more data models, for example, using machine learning mechanisms as described herein. In at least one example, the training module 126 can train a data model via machine learning mechanism(s) to determine which input(s) are indicative of individual issue(s) that can affect user experience. In at least one example, the training module 126 may utilize a machine learning mechanism to build, modify, or otherwise utilize data model(s) that are created from example inputs and make predictions or decisions. In at least one example, the example inputs can include data (e.g., health, etc.) previously received from user devices and issues identified based on such data. Based at least in part on the inputs, the training module 126 can build, modify, or otherwise utilize data model(s) to identify issues based on received inputs. Resulting machine-trained data models can be stored in the data store 128 for subsequent use by the monitoring module 122.

At operation 706, the monitoring module 122 can monitor states of user devices using the data model. As described above, in at least one example, the monitoring module 122 can analyze the inputs (e.g., data received from the agent 130 and/or data blocks) to determine if/when states of user devices change. In some examples, the monitoring module 122 can analyze such inputs, which can be configured to monitor business scenarios and/or application scenarios. In at least one example, the machine-trained data model can be used to monitor the business scenarios and/or application scenarios, and in at least one example, upon receiving new inputs, as described above, the machine-trained data model can identify issues. In some examples, such inputs and associated issues can be codified as rules.

FIG. 8 illustrates an example process 800 for training a data model using machine learning techniques, as described herein.

At operation 802, the training module 126 can access data associated with issues identified for user devices and associated remedial actions. In at least one example, the data store 128 can store data associated with previously identified issues (e.g., based on data received from agents and/or data blocks) and remedial actions taken to prevent and/or correct such identified issues. In at least one example, the training module 126 can access such data for training, as described below.

At operation 804, the training module 126 can train a data model based at least in part on the data. As described above, the training module 126 can be configured to train one or more data models, for example, using machine learning mechanisms as described herein. In at least one example, the training module 126 can train a data model via machine learning mechanism(s) to determine which input(s) are indicative of individual issue(s) that can affect user experience. In at least one example, the training module 126 may utilize a machine learning mechanism to build, modify, or otherwise utilize data model(s) that are created from example inputs and make predictions or decisions. In at least one example, the example inputs can include issues previously identified for user devices and remedial actions taken based on such issues. Based at least in part on the inputs, the training module 126 can build, modify, or otherwise utilize data model(s) to determine action(s) to be performed for preventing and/or correcting identified issues. Resulting machine-trained data models can be stored in the data store 128 for subsequent use by the monitoring module 122.

At operation 806, the remediation module 124 can determine remedial actions for issues associated with user devices using the data model. As described above, in at least one example, responsive to the occurrence of a trigger event, the remediation module 124 can perform one or more actions to prevent or correct an identified issue. In some examples, the one or more actions can be prescribed by a rule associated with the identified issue. In some examples, the one or more actions can be learned via a machine learning mechanism, as described herein. As such, a machine-trained data model can analyze the identified issue and can output a recommendation regarding one or more actions to perform to prevent and/or correct the identified issue.

In at least one example, the machine-trained data models described above with reference to FIGS. 7 and 8 can be updated over time. That is, the training module 126 can access updated data and can retrain such data models based on the updated data.

FIG. 9 illustrates an example process 900 for monitoring a state of a user device using data received from a data block and/or effectuating a remedial action, as described herein. As described above, in some examples, entities, such as the entity 102, may want to limit the access of the monitoring service provider with respect to components of their computing infrastructure. In such examples, the monitoring module 122 can access data which can be written to data blocks, as described herein, and can collect data from such data blocks (e.g., via an API) instead of from the agent 130.

At operation 902, the monitoring module 122 can send, to a component 202A associated with a user device, instruction(s) associated with an identifier of a data block. As described above, in at least one example, the monitoring service provider can avail one or more data blocks 204 (individually, 204A-204M), which can be written to and/or read from the components 202. Each data block 204A-204M can be a lightweight container that is associated with a unique identifier (e.g., a globally unique identifier). In at least one example, the monitoring module 122 can send, to the component 202A associated with a user device, instruction(s) that include an identifier associated with a particular data block (e.g., the data block 204A). In some examples, the instruction(s) can be sent directly to the component 202A. In other examples, the instruction(s) can be sent to the component 202A via the particular data block (e.g., the data block 204A).

At operation 904, data associated with the component 202A and the identifier can be received. In at least one example, the component 202A can send data to the data block 204A. In at least one example, the data can include data associated with the health of the component 202A and/or product(s)/service(s) associated with a cloud-based service provider, as described above. In some examples, the data can include an identifier (as provided by the instruction(s)) so that the data is written to the correct data block 204A. In at least one example, the data may be obscure such that it may not be useful unless the meaning of the data is known. That is, the data itself may include a value or other indication that is meaningless to anyone who may intercept the data as it is transmitted to the data block 204A and/or stored by the data block 204A. This provides an added layer of security for enabling secure communications.

At operation 906, a data block corresponding to the identifier can store the data. The data block 204A can store the data and/or can send the data to the monitoring service provider server(s) 120 via an API. That is, the component 202A can write to the data block 204A and such data can be accessible by the monitoring service provider server(s) 120. By using the data blocks 204, the monitoring service provider server(s) 120 can access data from the components 202 without otherwise accessing the components 202 and/or other data associated therewith.

At operation 908, the monitoring module 122 can monitor a state of the component based at least in part on the data. As described above with reference to operation 508 of FIG. 5, in at least one example, the monitoring module 122 can analyze inputs (e.g., data received from the data block) to determine if/when a state of the user device changes. In some examples, the monitoring module 122 can analyze such inputs using one or more rules, which can be configured to monitor business scenarios and/or application scenarios. As described above, in at least one example, the one or more rules can be configurable. In at least one example, rules can be particular to products/services (e.g., availed by cloud-based service provider(s)), entities, users (e.g., characteristics associated therewith), geographic location, time of day, day of the week, date, and the like.

At operation 910, the monitoring module 122 determines whether a trigger event occurs. As described above, with reference to operation 510 of FIG. 5, in at least one example, a trigger event can be an event that prompts the monitoring module 122 to send a notification to the remediation module 124 regarding a state of the user device. Based at least in part on determining an occurrence of a trigger event, process 900 can proceed to operation 512, as described above with reference to FIG. 5. In some examples, if the monitoring module 122 does not determine that a trigger event occurs, process 900 can return to operation 906, where additional data can be received from the user device and the monitoring module 122 can continue to monitor the state of the user device.

In at least one example, the monitoring module 122 can utilize machine-trained data model(s) to monitor the state of the user device. In such an example, the machine-trained data model(s) can identify issue(s) based at least in part on the data received from the agent and/or recommend remedial action(s) to be taken. As such, in at least one example, process 900 can proceed from operation 908 to effectuating a remedial action and the remediation module 124 can effectuate the recommended remedial action(s) to be taken (e.g., without determining whether a trigger event occurs).
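The data-block flow of operations 902-910, as an added Python sketch that is not part of the patent text. The in-memory store, the opaque codebook, the constructed reports and the HMAC tag used as the "security condition" of example clause AH are all assumptions of this example.

```python
import hashlib
import hmac
import uuid

# Constructed sample values (assumptions of this example, not from the patent).
COMPONENT_KEY = b"constructed-demo-key"
# Codebook held only by the monitoring side; values in transit and at rest
# are opaque codes with no meaning to an interceptor.
CODEBOOK = {"7f": "healthy", "c2": "degraded", "e9": "offline"}


def sign(block_id, value, key=COMPONENT_KEY):
    """Tag binding a reported value to the data block identifier."""
    msg = f"{block_id}:{value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class DataBlockStore:
    """Lightweight containers addressed only by a unique identifier."""

    def __init__(self):
        self._blocks = {}

    def provision(self):
        """Create a data block; its identifier goes out with the instruction(s)."""
        block_id = str(uuid.uuid4())
        self._blocks[block_id] = []
        return block_id

    def write(self, block_id, value, tag):
        """Operations 904-906. Returns True only if the record is stored."""
        if block_id not in self._blocks:
            return False  # unknown identifier: no block to write to
        if not hmac.compare_digest(sign(block_id, value), tag):
            return False  # security condition not satisfied: nothing stored
        self._blocks[block_id].append(value)
        return True

    def read(self, block_id):
        """API used by the monitor: block contents only, never the component."""
        return list(self._blocks.get(block_id, []))


def monitor(store, block_id, expected_state="healthy"):
    """Operations 908-910: decode records, report state changes and a trigger."""
    states = [CODEBOOK.get(v, "unknown") for v in store.read(block_id)]
    changes = [(a, b) for a, b in zip(states, states[1:]) if a != b]
    trigger = bool(states) and states[-1] != expected_state
    return {"states": states, "changes": changes, "trigger": trigger}


def demo():
    store = DataBlockStore()
    block_id = store.provision()             # operation 902
    stored = [
        store.write(block_id, v, sign(block_id, v))
        for v in ["7f", "7f", "e9"]          # constructed component reports
    ]
    # A write whose tag was made with a different key is not stored.
    rejected = store.write(block_id, "7f", sign(block_id, "7f", key=b"other"))
    return stored, rejected, monitor(store, block_id)


if __name__ == "__main__":
    print(demo())
```

The monitor only ever calls `read`, which mirrors the page's point that the provider accesses data from the components without otherwise accessing the components themselves.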

FIG. 10 illustrates example computing device(s) 1000 for performing techniques described herein. The computing device(s) 1000 can correspond to the entity server(s) 106, user device(s) 108, the IT user device(s) 114, the cloud-based service provider server(s) 116, and/or the monitoring service provider server(s) 120. The computing device(s) 1000 can comprise user device(s) including, but not limited to, mobile phone(s), personal digital assistant(s), netbook(s), laptop computer(s), desktop computer(s), networked computer(s), and/or any other electronic device(s) that are capable of transmitting or receiving data, server computing device(s). In some examples, the computing device(s) 1000 can comprise server computing device(s) (e.g., server(s)), which can be any type of server, such as a network-accessible server. In some examples, the server(s) can be stand-alone computing systems, distributed-computing systems, networked-computing systems, etc. For instance, in at least one example, one or more of the functionalities described herein as being performed by the server(s) can be performed by a single device or multiple devices. In some examples, one or more of the functionalities described herein can be performed by one or more remotely located devices instead of, or in addition to, the server(s).

In at least one example, the computing device(s) 1000 can include processor(s) 1002, computer-readable media 1004, communication interface(s) 1006, and input/output device(s) 1008.

The processor(s) 1002 can represent, for example, a central processing unit (CPU)-type processing unit, a graphics processing unit (GPU)-type processing unit, a Field-Programmable Gate Array (FPGA), another class of Digital Signal Processor (DSP), or other hardware logic components that can, in some instances, be driven by a CPU. For example, and without limitation, illustrative types of hardware logic components that can be used include Application-Specific Integrated Circuits (ASICs), Application-Specific Standard Products (ASSPs), System-on-a-Chip Systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc. In at least one example, an accelerator can represent a hybrid device, such as one from ZYLEX or ALTERA that includes a CPU core embedded in an FPGA fabric. In various embodiments, the processor(s) 1002 can execute one or more modules and/or processes to cause the computing device(s) 1000 to perform a variety of functionalities, as set forth above and explained in further detail in the following disclosure. Additionally, each of the processor(s) 1002 can possess its own local memory, which also can store program modules, program data, and/or one or more operating systems.

Depending on the exact configuration and type of the computing device(s) 1000, the computer-readable media 1004 can include computer storage media and/or communication media.

Computer storage media can include volatile memory, nonvolatile memory, and/or other persistent and/or auxiliary computer storage media, removable and non-removable computer storage media implemented in any method or technology for storage of data such as computer readable instructions, data structures, program modules, or other data. Computer memory is an example of computer storage media. Thus, computer storage media includes tangible and/or physical forms of media included in a device and/or hardware component that is part of a device or external to a device, including but not limited to random-access memory (RAM), static random-access memory (SRAM), dynamic random-access memory (DRAM), phase change memory (PRAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash memory, compact disc read-only memory (CD-ROM), digital versatile discs (DVDs), optical cards or other optical storage media, miniature hard drives, memory cards, magnetic cassettes, magnetic tape, magnetic disk storage, magnetic cards or other magnetic storage devices or media, solid-state memory devices, storage arrays, network attached storage, storage area networks, hosted computer storage or any other storage memory, storage device, and/or storage medium that can be used to store and maintain data for access by a computing device.

In at least one example, the computer storage media can include non-transitory computer-readable media. Non-transitory computer-readable media can include volatile and nonvolatile, removable and non-removable tangible, physical media implemented in technology for storage of data, such as computer readable instructions, data structures, program modules, or other data. The computer-readable media 1004 is an example of non-transitory computer-readable media. Non-transitory computer-readable media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, DVDs or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other tangible, physical medium which can be used to store the desired data and which can be accessed by the computing device(s) 1000. Any such non-transitory computer-readable media can be part of the computing device(s) 1000.

In contrast, communication media includes computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave, or other transmission mechanism. As defined herein, computer storage media does not include communication media.

In at least one example, the computer-readable media 1004 can store module(s) and data 1010. The module(s) and data 1010 can be in the form of stand-alone applications, productivity applications, an operating system component, or any other application or software module. For instance, if the computing device(s) 1000 correspond to the monitoring service provider server(s) 120, the module(s) and data 1010 can include the monitoring module 122, the remediation module 124, the training module 126, and the data store 128. Furthermore, if the computing device(s) 1000 correspond to the user device(s) 108, the module(s) and data 1010 can include the cloud-based application(s) 118 and the agent 130.

The communication interface(s) 1006 can include one or more interfaces and hardware components for enabling communication with various other devices, such as over network(s) or directly. For example, communication interface(s) 1006 can enable communication through one or more networks, which can include, but are not limited to, any type of network known in the art, such as a local area network or a wide area network, such as the Internet, and can include a wireless network, such as a cellular network, a cloud network, a local wireless network, such as Wi-Fi and/or close-range wireless communications, such as Bluetooth®, BLE, NFC, RFID, a wired network, low power area networks (LPWAN) or any other such network, or any combination thereof. Components used for such communications can depend at least in part upon the type of network, the environment selected, or both. Protocols for communicating over such networks are well known and will not be discussed herein in detail.

In at least one example, the one or more input/output (I/O) devices 1008 can include speakers, a microphone, a camera, a display, a haptic output device, various user controls (e.g., buttons, a joystick, a keyboard, a keypad, etc.), and so forth.

Although the subject matter has been described in language specific to structural data items and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific data items or acts described. Rather, the specific data items and acts are disclosed as exemplary forms of implementing the claims.

EXAMPLE CLAUSES

A: A system of a monitoring service for monitoring user experience associated with one or more cloud-based services availed via an entity, the system comprising: one or more processors; and one or more non-transitory computer readable media storing computer executable instructions that, when executed, cause the system to perform operations comprising: receiving, from a user device using a cloud-based service of the one or more cloud-based services, data associated with one or more components of the user device, wherein the data is indicative of a user experience of a user associated with the user device while using the cloud-based service, and wherein the user and the user device are associated with the entity; monitoring, using one or more rules and based at least in part on the data, a state of the user device; determining, based at least in part on the monitoring, a change to the state of the user device; and causing a notification to be presented via a computing device of a designated user, wherein the notification indicates the change to the state of the user device.

B: The system as paragraph A recites, wherein the user device is one of a plurality of user devices associated with the entity, and the operations further comprise: determining state changes to a number of user devices of the plurality of user devices; determining that the number of user devices meets or exceeds a threshold; and causing the notification to be presented via the computing device is responsive to determining that the number of user devices meets or exceeds the threshold.

C: The system as paragraph A or B recites, wherein the one or more rules are associated with at least one condition, and the operations further comprise: determining, based at least in part on the data, that the at least one condition is satisfied; and determining the change to the state of the user device responsive to determining that the at least one condition is satisfied.

D: The system as any of claims A-C recites, wherein the data is received from a software agent running as a background process on the user device.

E: The system as any of claims A-D recites, wherein the designated user is a technical support representative of the entity associated with the user device or a representative associated with the monitoring service.

F: The system as any of claims A-E recites, wherein the one or more rules are determined based at least in part on one or more of (i) the cloud-based service, (ii) the entity, or (iii) a characteristic of the user of the user device.

G: The system as any of claims A-F recites, wherein the one or more rules are generated using a machine learning mechanism.

H: A method, implemented at least in part by one or more server computing devices of a monitoring service for monitoring user experience associated with one or more cloud-based services availed via an entity, the method comprising: receiving, from a user device using a cloud-based service of the one or more cloud-based services, data associated with one or more components of the user device, wherein the data is indicative of a user experience associated with the user device while using the cloud-based service, and wherein the user device is associated with the entity; monitoring, using one or more rules and based at least in part on the data, changes to a state of the user device; determining, based at least in part on the monitoring, an occurrence of a trigger event; and determining an output associated with the trigger event, wherein the output causes one or more remedial actions to be performed.

I: The method as paragraph H recites, wherein the output comprises causing a notification to be presented via a computing device of a designated user, the notification indicating a change to the state of the user device.

J: The method as paragraph H or I recites, wherein the one or more remedial actions are performed automatically by the one or more server computing devices.

K: The method as any of claims H-J recites, wherein a rule of the one or more rules is associated with a condition and the method further comprises: determining, based at least in part on the data, that the condition is satisfied; and determining the occurrence of the trigger event based at least in part on determining that the condition is satisfied.

L: The method as any of claims H-K recites, wherein the one or more rules are respectively associated with one or more conditions and the method further comprises determining the occurrence of the trigger event based at least in part on determining that more than a threshold number of the one or more conditions are satisfied.

M: The method as any of claims H-L recites, wherein the state of the user device is associated with a value and the method further comprises determining the occurrence of the trigger event based at least in part on a relationship of the value and a threshold value.

N: The method as any of claims H-M recites, wherein the data is received from a software agent running as a background process on the user device.

O: The method as any of claims H-N recites, wherein the one or more rules are determined based at least in part on one or more of (i) the cloud-based service, (ii) the entity, or (iii) a characteristic of a user of the user device.

P: The method as paragraph O recites, wherein the data is associated with an identifier and the method further comprises: identifying the user based at least in part on the identifier; and determining the one or more remedial actions based at least in part on the identity of the user.

Q: The method as any of claims H-P recites, further comprising receiving, from the user device and at a substantially regular interval of time, additional data associated with the one or more components of the user device, wherein the data and the additional data are received securely and in near real-time.

R: One or more non-transitory computer readable media storing computer executable instructions that, when executed, cause one or more processors of a monitoring service for monitoring user experience associated with one or more cloud-based services to perform operations comprising: receiving, from a user device using a cloud-based service, data associated with one or more components of the user device, wherein the data is indicative of a user experience associated with the user device while using the cloud-based service, and wherein the user device is associated with an entity availing the cloud-based service; monitoring, using one or more rules and based at least in part on the data, changes to a state of the user device; determining, based at least in part on the monitoring, an occurrence of a trigger event associated with a remedial action; and effectuating the remedial action.

S: The one or more instructions as paragraph R recites, the operations further comprising: prior to receiving the data from the user device: receiving a request to add the user device to the monitoring service; and providing, to the user device, a software agent to be downloaded to the user device, wherein the software agent runs as a background process on the user device; and receiving the data from the software agent at substantially regular intervals of time.

T: The one or more instructions as paragraph R or S recites, wherein the one or more rules are determined based at least in part on one or more of (i) the cloud-based service, (ii) the entity, or (iii) a characteristic of a user of the user device.

U: A system associated with a monitoring service monitoring user experience associated with one or more cloud-based services availed by one or more entities, the system comprising: one or more processors; and one or more non-transitory computer readable media storing computer executable instructions that, when executed, cause the system to perform operations comprising: providing one or more instructions to a component associated with an entity of the one or more entities, wherein the one or more instructions are associated with an identifier corresponding to a data block of a plurality of data blocks associated with the system; receiving, from the component, data indicative of a state of the component, wherein the data is associated with the identifier; storing the data in the data block corresponding to the identifier; and monitoring, using one or more rules, changes to the state of the component based at least in part on the data in the data block.

V: The system as paragraph U recites, wherein the component is a computing device or a process.

W: The system as paragraph U or V recites, wherein the data is further indicative of a user experience associated with the component while using a cloud-based service of the one or more cloud-based services monitored by the system.

X: The system as any of claims U-W recites, the operations further comprising: determining, based at least in part on the monitoring, an occurrence of a trigger event associated with a remedial action; and effectuating the remedial action.

Y: The system as any of claims U-X recites, wherein the data block is configured for at least the component to read from or write to the data block.

Z: The system as any of claims U-Y recites, the operations further comprising receiving, after a lapse of a period of time, updated data from the component.

AA: The system as any of claims U-Z recites, wherein the component and additional data associated with the component are inaccessible to the system.

AB: The system as any of claims U-AA recites, wherein the component is remotely located from the system and the data is transmitted via a secure network connection.

AC: A computer-implemented method comprising: providing one or more instructions to a component associated with an entity, wherein the one or more instructions are associated with an identifier corresponding to a data block of a plurality of data blocks associated with a system of a service provider for monitoring cloud-based services availed by the entity; receiving, from the component, data indicative of a state of the component, wherein the data is associated with the identifier; storing the data in the data block associated with the identifier; and monitoring, using one or more rules, changes to the state of the component based at least in part on the data in the data block.

AD: The computer-implemented method as paragraph AC recites, further comprising sending additional data associated with the data block to at least one of the component or another component.

AE: The computer-implemented method as paragraph AC or AD recites, further comprising receiving additional data from the component at substantially regular intervals of time.

AF: The computer-implemented method as paragraph AE recites, further comprising generating a log of changes to the data based at least in part on the additional data received at the substantially regular intervals of time.

AG: The computer-implemented method as any of claims AC-AF recites, wherein the component is configured to transmit the data to the data block via a network connection, the computer-implemented method further comprising receiving the data associated with the component after restoration of an unavailable network connection.

AH: The computer-implemented method as any of claims AC-AG recites, further comprising determining that the component satisfies a security condition prior to storing the data in the data block.

AI: The computer-implemented method as any of claims AC-AH recites, further comprising: determining, based at least in part on the monitoring, an occurrence of a trigger event associated with a remedial action; and effectuating the remedial action.

AJ: The computer-implemented method as any of claims AC-AI recites, wherein the data is received via an Application Programming Interface (API) that enables the system to access the data without accessing at least one of the component or additional data associated with the component.

AK: One or more non-transitory computer readable media storing computerexecutable instructions that, when executed, cause one or moreprocessors to perform operations comprising: providing one or moreinstructions to a component associated with an entity, wherein the oneor more instructions are associated with an identifier corresponding toa data block of a plurality of data blocks associated with a system of aservice provider for monitoring cloud-based services availed by theentity; receiving, from the component, data associated with thecomponent, wherein the data is associated with the identifier and isindicative of a state of the component; storing the data in the datablock; and monitoring, using one or more rules, changes to the state ofthe component based at least in part on the data in the data block.

AL: The one or more computer-readable instructions as paragraph AK recites, the operations further comprising receiving additional data from the component at substantially regular intervals of time.

AM: The one or more computer-readable instructions as paragraph AK or AL recites, the operations further comprising: determining, based at least in part on the monitoring, an occurrence of a trigger event associated with a remedial action; and effectuating the remedial action.

AN: The one or more computer-readable instructions as any of claims AK-AM recites, wherein the data is received via an Application Programming Interface (API) that enables the system to access the data without accessing at least one of the component or additional data associated with the component.

While the example clauses described above are described with respect to one particular implementation, it should be understood that, in the context of this document, the content of the example clauses can also be implemented via a method, device, system, a computer-readable medium, and/or another implementation. Additionally, any of examples A-AN may be implemented alone or in combination with any other one or more of the examples A-AN.
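The flow recited in clauses AF, AH, AI and AN, as an added Python example that is not part of the patent text: a state report is stored in its data block only after a security condition holds, changes are logged, and a rule maps a trigger event to a remedial action. The HMAC check used as the security condition, the block identifiers, keys, field names and the 200 ms rule in the usage are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values: identifiers and per-block keys are assumptions.
BLOCK_KEYS = {"block-001": b"constructed-key-1", "block-002": b"constructed-key-2"}


def _tag(key, block_id, payload):
    # Bind the tag to the block identifier so a report cannot be replayed
    # into a different data block.
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, block_id.encode() + b"|" + body, hashlib.sha256).hexdigest()


def sign(block_id, payload):
    """Component side: authenticate a state report for the block it was assigned."""
    return _tag(BLOCK_KEYS[block_id], block_id, payload)


class DataBlockStore:
    def __init__(self, rules):
        self.blocks = {bid: {} for bid in BLOCK_KEYS}  # latest state per data block
        self.change_log = []   # (block_id, field, old, new), per clause AF
        self.rules = rules     # field -> (limit, remedial_action), hypothetical format

    def ingest(self, block_id, payload, tag):
        """Store a report only if the security condition holds (clause AH);
        return remedial actions whose trigger event occurred (clause AI)."""
        key = BLOCK_KEYS.get(block_id)
        if key is None or not hmac.compare_digest(_tag(key, block_id, payload), tag):
            raise PermissionError("security condition not satisfied; nothing stored")
        previous = self.blocks[block_id]
        for field, new in payload.items():
            if previous.get(field) != new:
                self.change_log.append((block_id, field, previous.get(field), new))
        self.blocks[block_id] = dict(payload)
        return [action for field, (limit, action) in self.rules.items()
                if payload.get(field, 0) > limit]

    def read(self, block_id):
        """API read (clause AN): returns one block's stored state only."""
        return dict(self.blocks[block_id])
```

With a rule such as `{"latency_ms": (200, "generate_support_ticket")}`, a signed report of 350 ms returns the ticket action, while a report carrying a tag issued for a different block is rejected before anything is written.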

Conclusion

While one or more examples of the techniques described herein have been described, various alterations, additions, permutations and equivalents thereof are included within the scope of the techniques described herein.

In the description of examples, reference is made to the accompanying drawings that form a part hereof, which show by way of illustration specific examples of the claimed subject matter. It is to be understood that other examples can be used and that changes or alterations, such as structural changes, can be made. Such examples, changes or alterations are not necessarily departures from the scope with respect to the intended claimed subject matter. While the steps herein can be presented in a certain order, in some cases the ordering can be changed so that certain inputs are provided at different times or in a different order without changing the function of the systems and methods described. The disclosed procedures could also be executed in different orders. Additionally, various computations that are herein need not be performed in the order disclosed, and other examples using alternative orderings of the computations could be readily implemented. In addition to being reordered, the computations could also be decomposed into sub-computations with the same results.

What is claimed is:
 1. A system comprising: one or more processors; and one or more non-transitory computer readable media storing computer executable instructions that, when executed, cause the system to perform operations comprising: causing presentation of, by one or more server computing devices of a service provider via a user interface of a computing device of a designated user, a plurality of graphical elements, wherein individuals of the plurality of graphical elements correspond to respective individuals of a plurality of devices associated with the service provider, wherein an individual graphical element of the plurality of graphical elements has one or more visual characteristics associated with a state of a respective device, and wherein the state is associated with user experience while using a cloud-based service provided by the service provider; receiving, by the one or more server computing devices and from a device of the plurality of devices, state data associated with a state of the device; determining, by the one or more server computing devices and based at least in part on application of a rule to the state data, that the state of the device satisfies a condition; and based at least in part on determining that the state satisfies the condition, modifying, by the one or more server computing devices and in near real-time of receiving the state data, at least one of the one or more visual characteristics of a graphical element corresponding to device.
 2. The system as claim 1 recites, wherein the graphical element corresponding to the device comprises an actuation mechanism, that, when actuated, causes presentation, by the one or more server computing devices, of additional information associated with the device.
 3. The system as claim 1 recites, wherein the plurality of graphical elements are presented in a thumbnail view or a list view.
 4. The system as claim 1 recites, wherein at least one of the one or more visual characteristics comprises text, color, or cross-hatching.
 5. The system as claim 1 recites, the operations further comprising: based at least in part on determining that the state satisfies the condition, causing, by the one or more server computing devices, performance of one or more remedial actions, wherein causing the performance of the one or more remedial actions comprises at least one of causing the device to reboot, causing the device to perform a scan for viruses, causing the device to perform a scan for software versions, or generating a support ticket.
 6. The system as claim 5 recites, the operations further comprising: training, by the one or more server computing devices, a predictive model using training data comprising a plurality of historical remedial actions associated with respective states of individual devices of the plurality of devices; and at least partly responsive to determining that the state of the device satisfies the condition, determining, by the one or more server computing devices, the one or more remedial actions based at least in part on the predictive model.
 7. The system as claim 1 recites, wherein the device comprises at least one of a user device or at least one of the one or more server computing devices.
 8. The system as claim 1 recites, wherein receiving the state data from the device comprises receiving the state data from a software agent provided to the device by the cloud-based service, wherein the software agent runs as a background process on the device.
 9. The system as claim 1 recites, wherein a first subset of the plurality of devices are associated with a first entity and a second subset of the plurality of devices are associated with a second entity.
 10. The system as claim 1 recites, the operations further comprising: based at least in part on determining that the state satisfies the condition, at least one of: causing presentation, by the one or more server computing devices, of a notification on the device; sending, by the one or more server computing devices, an email to a user associated with the device; or sending, by the one or more server computing devices, a direct message to the user.
 11. The system as claim 1 recites, wherein the condition being satisfied comprises a threshold change in a value associated with the state.
 12. The system as claim 1 recites, wherein the state of the device comprises the state of one or more of a component, an application, a product, a service, or a network associated with of the device.
 13. One or more non-transitory computer-readable media storing instructions executable by one or more processors that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: causing presentation of, by one or more server computing devices of a service provider via a user interface of a computing device of a designated user, a plurality of graphical elements, wherein individuals of the plurality of graphical elements correspond to respective individuals of a plurality of devices associated with the service provider, wherein an individual graphical element of plurality of graphical elements has one or more visual characteristics associated with a state of a respective device, and wherein the state is associated with user experience while using a cloud-based service provided by the service provider; receiving, by the one or more server computing devices and from a device of the plurality of devices, state data associated with a state of the device; determining, by the one or more server computing devices and based at least in part on application of a rule to the state data, that the state of the device satisfies a condition; and based at least in part on determining that the state satisfies the condition, modifying, by the one or more server computing devices and in near real-time of receiving the state data, at least one of the one or more visual characteristics of a graphical element corresponding to the device.
 14. The one or more non-transitory computer-readable media as claim 13 recites, wherein the graphical element corresponding to the device comprises an actuation mechanism, that, when actuated, causes presentation, by the one or more server computing devices, of additional information associated with the device.
 15. The one or more non-transitory computer-readable media as claim 13 recites, wherein the plurality of graphical elements are presented in a thumbnail view or a list view.
 16. The one or more non-transitory computer-readable media as claim 13 recites, wherein at least one of the one or more visual characteristics comprises text, color, or cross-hatching.
 17. The one or more non-transitory computer-readable media as claim 13 recites, the operations further comprising: based at least in part on determining that the state satisfies the condition, causing, by the one or more server computing devices, performance of one or more remedial actions.
 18. The one or more non-transitory computer-readable media as claim 17 recites, wherein causing the performance of the one or more remedial actions comprises at least one of causing the device to reboot, causing the device to perform a scan for viruses, causing the device to perform a scan for software versions, or generating a support ticket.
 19. The one or more non-transitory computer-readable media as claim 17 recites, the operations further comprising: training, by the one or more server computing devices, a predictive model using training data comprising a plurality of historical remedial actions associated with respective states of individual devices of the plurality of devices; and at least partly responsive to determining that the state of the device satisfies the condition, determining, by the one or more server computing devices, the one or more remedial actions based at least in part on the predictive model.
 20. A method comprising: causing presentation of, by one or more server computing devices of a service provider via a user interface of a computing device of a designated user, a plurality of graphical elements, wherein individuals of the plurality of graphical elements correspond to respective individuals of a plurality of devices associated with the service provider, wherein an individual graphical element of plurality of graphical elements has one or more visual characteristics associated with a state of a respective device, and wherein the state is associated with user experience while using a cloud-based service provided by the service provider; receiving, by the one or more server computing devices and from a device of the plurality of devices, state data associated with a state of the device; determining, by the one or more server computing devices and based at least in part on application of a rule to the state data, that the state of the device satisfies a condition; and based at least in part on determining that the state satisfies the condition, modifying, by the one or more server computing devices and in near real-time of receiving the state data, at least one of the one or more visual characteristics of a graphical element corresponding to the device.